#
user {{ ngx_arg.user }} {{ ngx_arg.user }};
worker_processes {{ ngx_arg.worker_processes }};
worker_cpu_affinity {{ ngx_arg.worker_cpu_affinity }};

{% if ngx_version == 'extras' %}
# Load dynamic modules
load_module modules/ngx_http_headers_more_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;
load_module modules/ngx_http_brotli_filter_module.so;
{% endif %}
{% if ngx_version == 'extras' and ngx_modsecurity | bool %}
load_module modules/ngx_http_modsecurity_module.so;
{% endif %}
{% if ngx_version == 'extras' and ngx_pagespeed | bool %}
load_module modules/ngx_pagespeed.so;
{% endif %}

events {
  multi_accept on;
  use epoll;
  worker_connections {{ ngx_worker_connections }};
}

http {
  client_body_temp_path {{ ngx_temp_path }}/client_body_temp;
  client_body_timeout {{ ngx_client_body_timeout }};
  client_max_body_size {{ ngx_client_max_body_size }};
  default_type application/octet-stream;
  etag {{ ngx_arg.etag }};
  expires {{ ngx_expires }};
  include mime.types;
{% if ngx_version == 'extras' %}
  more_set_headers "Server: secure-{{ 59 |random(seed=inventory_hostname) }}{{ inventory_hostname|upper|b64encode|b64encode|replace('==', '') }}";
{% endif %}
  keepalive_requests {{ ngx_keepalive_requests }};
  keepalive_timeout {{ ngx_keepalive_timeout }};
  open_file_cache max=200000 inactive=20s;
  open_file_cache_errors on;
  open_file_cache_min_uses 2;
  open_file_cache_valid 30s;
  reset_timedout_connection on;
  scgi_temp_path {{ ngx_temp_path }}/scgi_temp 1 2;
  send_timeout {{ ngx_send_timeout }};
  sendfile on;
  server_name_in_redirect on;
  server_names_hash_bucket_size 64;
  server_tokens {{ ngx_arg.server_tokens }};
  tcp_nodelay {{ ngx_arg.tcp_nodelay }};
  tcp_nopush {{ ngx_arg.tcp_nopush }};
  types_hash_max_size 2048;
  uwsgi_temp_path {{ ngx_temp_path }}/uwsgi_temp 1 2;

  # Logging Settings #
{% for value in ngx_set_real_ip_from %}
  set_real_ip_from {{ value }};
{% endfor %}
  real_ip_header {{ ngx_real_ip_header }};
  real_ip_recursive on;
  open_log_file_cache max=1000 inactive=60s;
  map "$request_method" $loggable { "HEAD" 0; default 1; }
  map $upstream_connect_time  $map_upstream_connect_time  { default $upstream_connect_time;  "" 0; }
  map $upstream_response_time $map_upstream_response_time { default $upstream_response_time; "" 0; }
  log_format main   '[$time_local] '
                    '"$remote_addr" '
                    '"$http_x_forwarded_for" '
                    '$body_bytes_sent '
                    '$connection_requests '
                    '"$host" '
                    '"$http_referer" '
                    '"$http_user_agent" '
                    '"$request" '
                    '$request_length '
                    '"$request_method" '
                    '$request_time '
                    '$status '
                    '"$scheme" '
                    '"$server_port" '
                    '"$server_protocol" '
                    '"$ssl_cipher" '
                    '"$ssl_protocol" '
                    '"$upstream_addr" '
                    '$map_upstream_connect_time '
                    '$map_upstream_response_time';
  log_format syslog escape=json '{ "timestamp": "$time_iso8601", '
                    '"enviornment": "{{ environments | default("ENV") | upper }}", '
                    '"group": "{{ group_names[-1] | default("GROUP") | upper }}", '
{% if tags is defined %}
{% for key,value in tags.iteritems() %}
                    '"{{ key }}": "{{ value }}", '
{% endfor %}
{% endif %}
                    '"body_bytes_sent": $body_bytes_sent, '
                    '"connection_requests": $connection_requests, '
                    '"host": "$host", '
                    '"http_referrer": "$http_referer", '
                    '"http_user_agent": "$http_user_agent", '
                    '"http_x_forwarded_for": "$http_x_forwarded_for", ' 
                    '"remote_addr": "$remote_addr", '
                    '"request": "$request", '
                    '"request_length": $request_length, '
                    '"request_method": "$request_method", '
                    '"request_time": $request_time, '
                    '"response_status": $status, '
                    '"scheme": "$scheme", '
                    '"server_port": "$server_port", '
                    '"server_protocol": "$server_protocol", '
                    '"ssl_cipher": "$ssl_cipher", '
                    '"ssl_protocol": "$ssl_protocol", '
                    '"upstream_addr": "$upstream_addr", '
                    '"upstream_connect_time": $map_upstream_connect_time, '
                    '"upstream_response_time": $map_upstream_response_time }';

  access_log off;
  error_log /dev/null crit;

  # FastCGI Settings #
  fastcgi_buffer_size 128k;
  fastcgi_buffers 8 256k;
  fastcgi_intercept_errors on;
  fastcgi_keep_conn on;
  fastcgi_read_timeout {{ ngx_fastcgi_read_timeout }};
  fastcgi_temp_path {{ ngx_temp_path }}/fastcgi_temp 1 2;

  # Proxy Settings #
  port_in_redirect off;
  proxy_cache_key "$scheme$host$request_uri";
  proxy_cache_path {{ ngx_temp_path }}/proxy_cache levels=1:2 keys_zone=czone:16m max_size=32m inactive=10m;
  proxy_cache_valid 200 302 10m;
  proxy_connect_timeout {{ ngx_proxy_connect_timeout }};
  proxy_read_timeout {{ ngx_proxy_read_timeout }};
  proxy_send_timeout {{ ngx_proxy_send_timeout }};
  proxy_temp_path {{ ngx_temp_path }}/proxy_temp;

  # COMPRESSION #
{% if ngx_compress | bool and ngx_version == 'standard' %}
  # GZIP SETTINGS #
  gzip on;
  gzip_buffers 16 512k;
  gzip_comp_level 6;
  gzip_disable "MSIE [1-6]\.";
  gzip_http_version 1.1;
  gzip_proxied expired no-cache no-store private auth;
  gzip_static on;
  gzip_types text/xml text/plain text/javascript text/css application/json application/font-woff application/vnd.ms-fontobject application/vnd.apple.mpegurl application/javascript;
{% elif ngx_compress | bool and ngx_version == 'extras' %}
  # Brotli #
  brotli on;
  brotli_comp_level 6;
  brotli_window 512k;
  brotli_buffers 16 512k;
  brotli_min_length 20;
  brotli_types text/xml text/plain text/javascript text/css application/json application/font-woff application/vnd.ms-fontobject application/vnd.apple.mpegurl application/javascript;
  brotli_static always;
{% else %}
{% endif %}

{% if ngx_pagespeed | bool and ngx_version == 'extras' %}
  # Google PageSpeed #
  pagespeed on;
  pagespeed Statistics on;
  pagespeed StatisticsLogging on;
  pagespeed AdminPath /ngx_pagespeed_admin;
  pagespeed FileCachePath {{ ngx_temp_path }}/ngx_pagespeed_cache;
  pagespeed FileCacheSizeKb 1024000;
  pagespeed FileCacheCleanIntervalMs -1;
  pagespeed HonorCsp on;
  pagespeed RespectVary on;
  pagespeed DisableRewriteOnNoTransform off;
  pagespeed LowercaseHtmlNames on;
  pagespeed ModifyCachingHeaders off;
  pagespeed XHeaderValue "";
  pagespeed FetchHttps enable;
  pagespeed EnableFilters insert_dns_prefetch,collapse_whitespace,remove_comments,combine_css,rewrite_css,combine_javascript,rewrite_javascript;
{% endif %}

  # Virtual Host Configs #
  include {{ ngx_conf_path }}/conf.d/*.conf;
}
